outages and some academic dns fun from France

are-you-serious-wtf-meme-baby-faceI awoke one day months ago to read this in the zoo’s logs.

Zone update refused: (zone*/IN): 2 Time(s)

Who is

inetnum: –
descr: MI2S (Moyens Informatiques et Multimedia, Information scientifique)
descr: reseaux IMAG du campus, de Gieres et de Montbonnot
descr: UMS MI2S (Moyens Informatiques et Multimedia, Information Scientifique)
country: FR
address: 110 Rue de la Chimie
address: Domaine Universitaire
address: BP 53
address: 38041 Grenoble Cedex 9

Bonjour ! One of the many probers (my blog) we seem to get but continue.

chickenBeing it seems one of the few who ‘do’  dns and mostly like it.  The recent dns outage (omg twitter is down) appears to me that when ‘professionals’ outsource dns to three providers the greater the problems become .   Not much glory in dns sure but i like it

basketOk sure the zoo is not google and some specialists are needed but putting all your eggs in one basket means i hope it does not trip over.  Much blame is pointed at bgp but then if isp’s wont fix or buy routers minus that bug then clearly me ringing up our isp and asking for fix at a level 1 support person probably will mean no further action by the isp  even if said person knows what bgp is.

The other thing is the iot in this where webcams and cctv stuff is being ‘misused’ but hey that’s proprietary software but if routers blocked shodan (my blog) scanning then that might slow down crap from intentional bad configurations (my blog) . or devices with built in back doors via shit software.

Think about it.

We had no dns outage from either event.

If you know what bgp then visit the zoo and claim your valuable prize* from the monkey house.

* a banana skin.

cometh the branded poppy seller

olivecookeThe poppy appeal has good and bad reasons attached to it say does it mean support the armed forces minus benefits (the Armed Forces Covenant) or lets go to war in Syria/Iraq again because the sand is better than in cornwall ?

Olive Cooke (my blog) is also a problem for the charity sector with a plethora of other poppy like things our zoo poppy mugger last year was equipped with a range of branded merchandise all paid for by that person into a quasi uniform.

I have misgivings about how the poppy appeal is used by various organisations, the possible abuse of its volunteers and its movement into uniform and stuff noted earlier.  Perhaps with other armed forces on the rise hi lighting the loss of the Armed Forces Covenant the poppy is not what we think it is.  After all if more charities are created does that not mean the poppy appeal works or that covenant is? and is simply a brand name now.

Have a think about it.

Exploring opendmarc in debian jessie

clownbootUses horrible mysql (my blog) for a database so i just looked at the milter.

Spf needs an ar header so you need to read a man page although that seems to be a bit buggy in debian stable although amavis (my blog) does ar.

It lives on and it appears all those it bloggers do not run opendmarc so there are not many blogs with bad information like for dkim although to call some bloggers technical is perhaps stretching things and many just rehashing not there content only for the advert views.

In debian the conf file is simple and examples can be found however while the software works not all options work.

Using jessie defaults seem to want one host one email server so if like the zoo you have five mta’s hanging off one piece of hardware your doing to need to do some work.

In an hour i got a working opendkim instance and plumbed it in and checking the plumbing was able to get messages in and out as before so i left it like that and see what happens in a weeks time.

Examples include auth and forensicreports Here is one error line

postfix/smtpd[17677]: warning: connect to Milter service inet: Connection refused

I also notice with Header_Type = AR you get no spf line appended in the email that’s an unrelated problem with postfix-policyd-spf (my blog) probably that hinders opendmarc.

One site suggested you use the backports repo a suggestion i did not take up and some changes to postfix with extra headers (not ar).

I also created a history file and enabled it and that stubbornly recorded nothing even with a restart.

failI will take a another look at opendmarc in the future but it strikes me as  not worth the bother inbound and the mysql is off-putting.  Could be wrong but that was what a weeks worth of activity recorded.

Email was signed with dkim and was sent and received so our email server was working during the time with the new milter.

This might be a compile it yourself thing for all i know at this stage in Debian or maybe i do not need it.


thunderbirdsThunderbirds (my blog) is a continuation of that and is mildly interesting although it was a pure sugar rush (yesterday) but now has less action than before and now it tries to concentrate on characters.

As childrens tv goes the younger apes in the zoo enjoy it and is positive about science.   Oddly this is made for commercial tv rather than the usual suspects so there might be a political angle to it.

Some merit can be found in this and when professor visited some young humans who had the toys and even he knew of them.

Indian legions of crooks & scammers finally pisses off the wrong people

Phone numbers are pretty random and if your an professional scam  indian (my blog) telling me or the zoo we have a virus*, or tax refund then its safe to say most of us regard those as crime.

What surprised me and many others was that clearly they had been ringing the wrong phone numbers when somebody in the US and elsewhere finally  got the indian police to raid these crime call centres and arrest hundreds of criminals in phone fraud – i was only doing my job seems to be no excuse.

It will be interesting to see if any money is recovered by governments from tax fraud or if the money stolen will remain in India meaning that crime pays well  for india.  Perhaps if it does not it should be recorded as an economics net gain i suggest if this happens it should be called Kkaran Bahree netgain** funds.

Somebody in India did ring the wrong phone number once too many but the zoo is not one of those numbers.

*i had a cold? ** a real Indian who was the first example of bad outsourcing.

as seen on tv and now please call a charity or else

Bananas was watching a program on tv i usually catch up on demand it is un blog worthy usually although i have mentioned it here as something else.

It differs greatly, and the thing i saw is more adult than the blog content i could compare it tooand that is where my problem lies that at the end a helpline (my blog) was given out for those ‘affected’ by the content.

dontcallmecrazyIt seems as if the sjw’s have invaded tv, and the nuances of the thing have lost with the sjw’s in tv adding the ‘downer’.

While the original was lacking i rather liked the depressing angle in the tv version however badly handled at the end.

My name is bananas in the falklands and i am a banana addict* – you happy broadcast  tv sjw’s ?

*i joke – bananas anonymous does not exist

The year of the microsoft office virus

With this (my blog) our mail thing is detecting more viruses* in microsoft office things than ever before, that is excluding the 90% of hosts who fail the mail server tests for the usual stuff.

moranI wonder how soon it will before microsoft have to ‘invent’ an no executable document format.  Getting those people to use it (my blog)  might be a problem.  It is not beyond me to start blocking xls,doc and ppt formats.

We dont use microsoft crap here at the zoo.  Why are you?

*probably got them before but had no means of detection

Windows 10 and cups (ipp)



Bananas had the curious experience of looking at a windows ten pc (my first), it was newish hardware so ‘f-a-s-t’ but it would not scan for ipp printers (that’s cups hosts) on the lan.

It would scan for samba hosts which don’t exist and it reminded me of  windows vista without the bugs, windows help is is still thoroughly retarded i mean how dare i connect a windows pc to a ‘apple’* printer network.

I won’t be buying windows 10 Microsoft. btw and i had access to this pc two minutes.

If you where forced to upgrade like the person who showed us this pc then your life sucks, but that is what microsoft think is best for you including spying upon you then i feel sorry for you. If i where the doj i would ask for more nsa access to the Microsoft network – would  not you? – this non zoo pc took the liberty of using our lan to download updates – so much for the user choice and control.

Being curious the next day i discovered that you have to turn on cups from software features, google knew that which windows help in the two minutes i had would not tell me since cups is evil.

It was also adblocker free i do hope there is no isp quota for you windows 10 humans.

*Linux users read this (my blog)


bad dns senders in the wild

In this (my blog)  i collected and geoip’ed where bad dns requests came from

These countries all where under 100 ip address entries – these go low to highest


teamamericaThe top scorers by ip address where

BE 109
AU 129
JP 135
DK 137
BR 145
CH 152
CA 173
RU 174
GB 314
RO 334
DE 500
ES 621
CN 987
None 1282 (not in geoip db)
FR 1516
NL 1808
US 3753

Still no north korea  in those codes.  None – means no country identified which is obscured say a Russian has contact details in a .ae [middle east] based ip space.  Another fun guess who is Russians using .ua (Ukraine) ip addresses.

Congrats to the US as the winner for sending the most crap.

minionThese are top ip addresses the log keeps seeing with junk dns requests again from lowest (100 > 1000)

Have fun with this.  I did.